CVE-2025-50422
BaseFortify
Publication date: 2025-08-04
Last updated on: 2025-08-26
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freedesktop | cairo | * |
| freedesktop | poppler | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in the pdftocairo utility of the Poppler library, in releases before 25.04.0. When pdftocairo finishes processing a PDF and exits, it does not clear the heap memory that holds the PDF stream objects it decoded, so clear-text PDF content stays in the process's memory. An attacker who can dump that memory can read it, exposing any sensitive data contained in the PDF streams. [1]
How can this vulnerability impact me?
If you run a vulnerable version of Poppler, an attacker with local access who can obtain a memory dump of the pdftocairo process around the time it exits could recover the content of the PDFs it processed. The result is unauthorized disclosure of confidential information contained in those PDF files. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is a version check: any pdftocairo shipped with a Poppler release before 25.04.0 is affected. `pdftocairo -v` prints the Poppler version (to stderr, so capture it with `pdftocairo -v 2>&1`). On packaged systems the distribution's poppler-utils package version can be queried as well, with the caveat that a vendor may backport the fix without changing the upstream version string, so the package changelog is the authoritative source. Because the defect is heap memory left uncleared at process exit, there is nothing to observe on the network; host-side monitoring is limited to watching for memory dumps or core files of pdftocairo processes. The referenced repository includes a proof-of-concept that demonstrates the memory dump technique. [1]
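As an added example (not from the advisory, from Poppler, or from the referenced repository), the script below parses the banner that `pdftocairo -v` writes to stderr and compares the embedded version against 25.04.0. The sample banners and the function names (`version_lt`, `parse_poppler_version`, `classify_poppler_output`) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the advisory or of Poppler): decide whether an
# installed pdftocairo predates the 25.04.0 fix, from the text that
# `pdftocairo -v 2>&1` prints. The banner goes to stderr, hence the 2>&1.

FIXED_VERSION="25.04.0"

# version_lt A B: true (exit 0) when dotted version A sorts before B.
# Components are compared numerically, so 24.02.0 < 25.04.0 and 25.4 < 25.10;
# a missing component counts as 0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x < y) exit 0
            if (x > y) exit 1
        }
        exit 1   # equal versions are not "less than"
    }'
}

# parse_poppler_version OUTPUT: extract "25.04.0" from the banner line
# "pdftocairo version 25.04.0"; prints nothing if the banner is absent.
parse_poppler_version() {
    printf '%s\n' "$1" | sed -n 's/^pdftocairo version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# classify_poppler_output OUTPUT: prints vulnerable, fixed or unknown.
# A missing banner is reported as "unknown" rather than assumed fixed, so a
# failed check is never mistaken for a clean one.
classify_poppler_output() {
    v=$(parse_poppler_version "$1")
    if [ -z "$v" ]; then
        echo unknown
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo vulnerable
    else
        echo fixed
    fi
}

# Constructed sample banners, in the shape pdftocairo prints them (hypothetical
# copyright years; only the first line matters to the parser).
SAMPLE_OLD='pdftocairo version 24.02.0
Copyright 2005-2024 The Poppler Developers - http://poppler.freedesktop.org
Copyright 1996-2011, 2022 Glyph & Cog, LLC'
SAMPLE_FIXED='pdftocairo version 25.04.0
Copyright 2005-2025 The Poppler Developers - http://poppler.freedesktop.org
Copyright 1996-2011, 2022 Glyph & Cog, LLC'

if command -v pdftocairo >/dev/null 2>&1; then
    banner=$(pdftocairo -v 2>&1 || true)
    echo "installed pdftocairo: $(classify_poppler_output "$banner") ($(parse_poppler_version "$banner"))"
else
    echo "pdftocairo not installed here; classifying constructed samples instead"
    echo "24.02.0 -> $(classify_poppler_output "$SAMPLE_OLD")"
    echo "25.04.0 -> $(classify_poppler_output "$SAMPLE_FIXED")"
fi
```

Run it as a script on the host; when pdftocairo is absent it classifies the constructed samples. A distribution may backport the fix while keeping an older version string, so treat "vulnerable" as a prompt to check the package changelog rather than as a final verdict.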
What immediate steps should I take to mitigate this vulnerability?
Upgrade Poppler to 25.04.0 or later, where the issue is fixed; the fix is public in the official Poppler repository and the related Cairo merge requests. Until the update is applied, restrict local access to hosts running the vulnerable version so that untrusted users cannot dump process memory, and avoid running pdftocairo on sensitive PDF files on hosts where other local users could capture its memory. [1]